Remove Access-list entry using API

Nando_lavras · February 12, 2011, 7:19pm

Hi all… i trying to use API (more specifically PHP API), i wrote a single script using PHP, but i have a problem to remove a entry in a specific access-list, code below:

$API->debug = true;

if ($API->connect('$serverip', '$user', '$pass')) {
   $API->write("/ip/firewall/address-list/print",false);
   $API->write("?list=specific-list",false);
   $API->write("?address=$userip",false);
   $API->write("=.proplist=.id");
   $READ = $API->read();
   $ARRAY = $API->parse_response($READ);
   $code_remove = str_replace("=.id=","",$ARRAY[0]);
   sleep(1);
   $API->write("/ip/firewall/address-list/remove",false);
   $API->write("=.id=$code_remove");
   $READ = $API->read();
   $ARRAY = $API->parse_response($READ);
   print_r($ARRAY);


   $API->disconnect();

}

This code run on a web page, my client see a page with a message, click in the button (release internet) and this code remove the ip from the access-list releasing the internet… but when i run this code the return is this:

Connection attempt #1 to XXX.XXX.XXX.XXX:9300...
<<< [6] /login
>>> [5/5 bytes read.
>>> [5, 39] !done
>>> [37/37 bytes read.
>>> [37, 1] =ret=e55a1c031b1c89f95b0c870a251dbc6d
<<< [6] /login
<<< [16] =name=myuser
<<< [44] =response=0010dbfeae0694dcf780788bf38a9ae1a5
>>> [5/5 bytes read.
>>> [5, 1] !done
Connected...
<<< [31] /ip/firewall/address-list/print
<<< [21] ?list=specific-list
<<< [21] ?address=XXX.XXX.XXX.XXX
<<< [14] =.proplist=.id
>>> [3/3 bytes read.
>>> [3, 20] !re
>>> [11/11 bytes read.
>>> [11, 8] =.id=*2399E
>>> [5/5 bytes read.
>>> [5, 1] !done
PHP Warning:  preg_match_all() expects parameter 2 to be string, array given in /var/www/msg1/mkapi.php on line 188
PHP Notice:  Undefined offset: 0 in /var/www/msg1/accept.php on line 32
<<< [32] /ip/firewall/address-list/remove
<<< [5] =.id=
>>> [5/5 bytes read.
>>> [5, 1] !done
Array
(
)
Disconnected...

What is wrong in here? Thanks in advance!

Nando_lavras · February 13, 2011, 10:22am

someone?

SurferTim · February 13, 2011, 11:41am

Personally, I don’t do anything to the “.id” return. I use it as it is.

   $API->write("/ip/firewall/address-list/remove",false);
   $API->write("$READ");

ADD: That is kinda untrue. I do strip off the “!re” and “!done” part.

Nando_lavras · February 13, 2011, 11:58am

SurferTim:

Personally, I don’t do anything to the “.id” return. I use it as it is.
   $API->write("/ip/firewall/address-list/remove",false);
   $API->write("$READ");
ADD: That is kinda untrue. I do strip off the “!re” and “!done” part.

<?php
require('mkapi.php');

$API = new routeros_api();

$API->debug = true;

if ($API->connect('XXX.XXX.XXX.XXX', 'myuser', 'mypass')) {
   $API->write("/ip/firewall/address-list/print",false);
   $API->write("?list=specific-list",false);
   $API->write("?address=XXX.XXX.XXX.XXX",false);
   $API->write("=.proplist=.id");
   $READ = $API->read();

   sleep(1);

   $API->write("/ip/firewall/address-list/remove",false);
   $API->write("$READ");

   $API->disconnect();

}
?>

So? I really lost here, as i do this strip??? Thanks in advance…

SurferTim · February 13, 2011, 12:06pm

You will have to modify this to fit php. I use Java for my interface. My read routine returns each response line in a different string variable (vector actually). I check each response line for strings that start with “=.id=”, then use the whole line in your write. Here is the response by line from the router:

!re
=.id=*2399E
!done

Nando_lavras · February 13, 2011, 12:19pm

This is the READ return in PHP…

print_r($READ)

Array
(
    [0] => Array
        (
            [.id] => *2399E
        )

)

I’m looking for a way to do it …

SurferTim · February 13, 2011, 12:33pm

Here is the read and parse:

$READ = $API->read();
$ARRAY = $API->parse_response($READ);

I do not know what parse_response() does. If it stores the response lines in $ARRAY, then you should check each index in that array to find the line that starts with “=.id=”.

Nando_lavras · February 13, 2011, 6:35pm

The script for myself… i have found a solution for this problem…

<?php

$ip = getenv(REMOTE_ADDR);

require('mkapi.php');

$API = new routeros_api();

$API->debug = false;

if ($API->connect('XXX.XXX.XXX.XXX', 'myuser', 'mypass')) {
   $API->write("/ip/firewall/address-list/getall",false);
   $API->write("?list=specific-list",false);
   $API->write("?address=$ip",false);
   $API->write("=.proplist=.id");
   $READ = $API->read();
   $i=0;
   foreach   ($READ as $x) {
           $line=$READ[$i];
           $id=$line['.id'];
           sleep(1);
           $API->write("/ip/firewall/address-list/remove",false);
           $API->write("=.id=$id",true);
           $i++;
           usleep(5000);

           $API->disconnect();

    }
}

?>

Thanks for all… good bye.

SurferTim · February 13, 2011, 6:48pm

If you want that script to work correctly, you should move the disconnect instruction outside the foreach loop. But that is just the way I do things…